Last updated: April 2026
Postilla is a browser extension that lets you comment on any web page. This policy covers both the Postilla browser extension and the postilla.io website. We've written it in plain language because we think you deserve to know exactly what we collect and why — without wading through pages of legalese.
The authoritative version of this policy is also published at https://postilla.io/privacy/.
== What we collect ==
When you create an account, we collect:
- Email address — used to verify your account and send transactional emails (like password resets).
- Username and display name — shown publicly alongside your comments.
When you use the extension, we collect:
- Comments you write — including the page URL they're attached to. We only receive a URL when you actively open the comment panel or post a comment. We don't monitor your browsing.
- Page URLs — only when you interact with the extension on that page. They are normalized and stored so comments can be matched to the right page.
- IP addresses — used for rate limiting to prevent abuse. We don't store them long-term and don't link them to your account.
- Session cookie — the postilla.io website uses a session cookie to keep you logged in. It contains no personal information and expires when you log out or close your browser.
== What we don't collect ==
- No browsing history. The extension contacts our servers when you open the comment panel, post a comment, or check links on the current page for nearby discussions. It does not store or track your browsing history.
- No tracking pixels or analytics cookies. We don't run Google Analytics, Mixpanel, or any third-party tracking on this site.
- No selling your data. We don't share your personal information with advertisers or data brokers, ever.
== How we use your data ==
- Provide the commenting service — store and display your comments to other Postilla users on the same pages.
- Send transactional emails — account verification, password resets. That's it. No newsletters unless you ask for one.
- Process supporter payments via Stripe if you choose to become a supporter.
- Prevent abuse — rate limiting, spam detection, moderation of flagged content.
== Third parties ==
We use two third-party services:
- Stripe — for payment processing if you become a supporter. We never see or store your card details; Stripe handles everything. See https://stripe.com/privacy for details.
- SendGrid — for sending transactional emails (verification, password reset). Your email address is passed to SendGrid to deliver these messages. See https://www.twilio.com/en-us/legal/privacy for details.
We don't use any other third-party services that receive your personal data.
== Data retention ==
- Comments are kept until you delete them. You can delete individual comments from the extension or bulk-delete everything from your account settings.
- Account data is kept until you request deletion. After you delete your account, we retain your data for 30 days in case you change your mind. After that grace period, your account and all associated data (comments, flags, etc.) are permanently and irreversibly deleted.
== Exporting your data ==
You can export all your data at any time — your profile, all your comments, and the pages they're on — as a JSON file. This option is available from your account settings in the extension.
== Contact ==
Questions about this policy? Email us at hello@postilla.io. We're a small team and we read every message.